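/**
 * Resolve the display name of the group currently selected in the list view.
 *
 * $this->group_id is first normalised to a non-negative integer and then mapped:
 *   0    -> $lang['GROUP_ALL_LABEL']
 *   1    -> $lang['GROUP_UNGROUPED_LABEL']
 *   2    -> $lang['GROUP_HIDDEN_LABEL'] (admin sessions only)
 *   else -> the groupname column of the matching TABLE_GROUPLIST row
 * An id with no matching row is reset to group 0.
 *
 * Side effects: may rewrite $this->group_id, always sets $this->group_name, and
 * ends the request when a non-admin session asks for the hidden group.
 *
 * @return string the resolved group name (also stored in $this->group_name)
 */
function group_name()
{
    global $db_link;
    global $lang;

    // Cast before anything else: group_id is interpolated into the SQL below, so
    // it must never be anything but an integer. Negative values collapse to 0.
    $this->group_id = max(0, intval($this->group_id));

    if ($this->group_id === 0) {
        $this->group_name = $lang['GROUP_ALL_LABEL'];
    } elseif ($this->group_id === 1) {
        $this->group_name = $lang['GROUP_UNGROUPED_LABEL'];
    } elseif ($this->group_id === 2) {
        // Hidden entries are admin-only. Fail closed when the session key is
        // missing and compare strictly: before PHP 8 a loose != treats integer 0
        // or boolean true as equal to "admin".
        if (!isset($_SESSION['usertype']) || $_SESSION['usertype'] !== "admin") {
            reportScriptError("URL tampering detected.");
            exit;
        }
        $this->group_name = $lang['GROUP_HIDDEN_LABEL'];
    } else {
        $result = mysql_query("SELECT * FROM " . TABLE_GROUPLIST . " AS grouplist WHERE groupid={$this->group_id}", $db_link);

        // A failed query returns false; do not hand that to mysql_fetch_array().
        $row = $result ? mysql_fetch_array($result) : false;
        $this->group_name = ($row && isset($row['groupname'])) ? $row['groupname'] : "";

        // Unknown group id: fall back to group 0 and use the same localised
        // label the group 0 branch uses, not a hard-coded English string.
        if ($this->group_name == "") {
            $this->group_id = 0;
            $this->group_name = $lang['GROUP_ALL_LABEL'];
        }
    }

    return $this->group_name;
}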
/**
 * Start the session, connect to the MySQL server and select the database.
 *
 * Either failure ends the request through die(reportScriptError(...)).
 *
 * NOTE(review): the connection-failure message appends mysql_error() and
 * mysql_errno() to text that is handed to reportScriptError(). If that helper
 * prints to the browser, server details reach every visitor; consider logging
 * the driver error server-side and showing a generic message - confirm what
 * reportScriptError() does with its argument.
 *
 * @param string $db_hostname server host; an empty value means "localhost"
 * @param string $db_username MySQL account name
 * @param string $db_password MySQL account password
 * @param string $db_name     database to select
 * @return resource the open MySQL link
 */
function openDatabase($db_hostname, $db_username, $db_password, $db_name)
{
    session_start();

    // No host configured: assume the database runs on this machine.
    if (empty($db_hostname)) {
        $db_hostname = "localhost";
    }

    // '@' silences PHP's own warning; the failure is reported below instead.
    $db_link = @mysql_connect($db_hostname, $db_username, $db_password);
    if (!$db_link) {
        die(reportScriptError("<B>An error occurred while trying to connect to the MySQL server.</B> MySQL returned the following error information: " . mysql_error() . " (error #" . mysql_errno() . ")"));
    }

    // Select the configured database on the new link.
    if (!mysql_select_db($db_name, $db_link)) {
        die(reportScriptError("<B>Unable to locate the database.</B> Please double check <I>config.php</I> to make sure the <I>\$db_name</I> variable is set correctly."));
    }

    return $db_link;
}
*
*************************************************************/
// Excerpt of a page script: the header comment above and the final `if` below
// are cut off by the listing, so this is not a complete file.

// ** GET CONFIGURATION DATA **
require_once 'constants.inc';
require_once FILE_FUNCTIONS;
require_once FILE_CLASS_OPTIONS;
session_start();
// NOTE(review): the session is read here, before checkForLogin() runs below, so
// $username can be unset for an unauthenticated request.
$username = $_SESSION['username'];
//echo $username;

// ** OPEN CONNECTION TO THE DATABASE **
$db_link = openDatabase($db_hostname, $db_username, $db_password, $db_name);

// ** CHECK FOR LOGIN **
checkForLogin();

// RETRIEVE OPTIONS THAT PERTAIN TO THIS PAGE
$options = new Options();
// NOTE(review): the next statement overwrites the Options object with the row
// array returned by mysql_fetch_array(); the property assignment after it then
// targets an array, not an object. Looks like a bug - the row probably belongs in
// a separate variable. Confirm against the full file.
$options = mysql_fetch_array(mysql_query("SELECT displayAsPopup FROM " . TABLE_OPTIONS . " LIMIT 1", $db_link)) or die(reportScriptError("Unable to retrieve options."));
$options->displayAsPopup = $options['displayAsPopup'];

// PHP code is placed BEFORE sending any HTML information because we want the script to
// stop processing and send another file instead if a single entry is found.
// Because we don't rely on the browser to redirect, this allows pressing 'back' on the
// browser to take us back to the list, and not keep forwarding.

// See if search terms have been passed to this page.
// $goTo is raw request input; how it is validated or escaped before use is beyond
// this excerpt.
$goTo = $_POST['goTo'];
// NOTE(review): $search is never assigned in the visible code; presumably it comes
// from register_globals or an include - confirm, since with register_globals off
// it is always unset here.
if (!$goTo and !$search) {
    echo "<P>" . $lang['SEARCH_TERMS'];
    exit;
}

// goTo functionality
// Search does not work so we'll make it do the same thing as goTo for now.
if ($search) {
    $goTo = $search;
$feedback .= ' There was a problem updating your e-mail address. ';
// Excerpt from inside a larger switch: the blocks closed by the braces below are
// opened before the listing starts, and the listing stops after $sqlu is built.

// This used to double check for incorrect username and password, but these
// are things that should already hopefully be taken care of in a login screen.
// However, entering the same e-mail address as before will also cause
// mysql_affected_rows to equal 0, so the error message has changed.
} else {
    // Send a confirmation link to the new address.
    $mail = new PHPMailer();
    $mail->SetLanguage(LANGUAGE_CODE, "lib/phpmailer/language/");
    $mail->From = 'noreply@' . $_SERVER['SERVER_NAME'];
    $mail->FromName = 'noreply@' . $_SERVER['SERVER_NAME'];
    // NOTE(review): the link host is taken from $_SERVER['HTTP_HOST'], which is the
    // Host header sent by the client, so the e-mailed confirmation URL can name a
    // host the requester chose. Build it from a configured base URL instead.
    // $hash and $new_email are also placed in the query string without urlencode().
    // How $hash is generated is not visible in this excerpt.
    $message = $lang['SALUTATION'] . " {$username},\n" . $lang['EMAIL_CHANGE'] . "\n\n http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']) . "/register.php?mode=confirm&hash={$hash}&email={$new_email}";
    $mail->Subject = $lang[TAB] . ' - ' . $lang['EMAIL_CHANGE_SUBJ'];
    $mail->Body = $message;
    $mail->AddAddress($new_email);
    if (!$mail->Send()) {
        reportScriptError($lang['ERR_MAIL_NOT_SENT'] . $mail->ErrorInfo);
    } else {
        $actionMsg = $lang['MSG_EMAIL_CHANGED'];
    }
}
} else {
    $actionMsg .= $lang['ERR_USER_EMAIL_INVALID'];
}
break;
case "addinfo":
    //$nnuser = $_POST['nnnuser'];
    // $nuser is assigned here; its use is not visible (possibly in the masked part
    // of the WHERE clause below).
    $nuser = $_POST['nnnuser'];
    $newuserDepartment = $_POST['newuserDepartment'];
    $newuserBatch = $_POST['newuserBatch'];
    $newuserDesignation = $_POST['newuserDesignation'];
    // NOTE(review): three $_POST values are concatenated straight into quoted SQL
    // string literals with no escaping visible in this excerpt - SQL injection.
    // Escape each value with mysql_real_escape_string() or move to a driver with
    // prepared statements. The WHERE value is masked ("******") in the listing, so
    // which account the UPDATE targets, and whether the caller is allowed to change
    // it, cannot be checked from here.
    $sqlu = "UPDATE " . TABLE_USERS . " SET department='" . $newuserDepartment . "', batch='" . $newuserBatch . "', designation = '" . $newuserDesignation . "' WHERE username = '******'";
$contact_nickname = stripslashes($tbl_contact['nickname']);
// Excerpt from the entry edit page: the block closed by the lone brace further
// down is opened before the listing starts, and the HTML continues past its end.
$contact_pictureURL = stripslashes($tbl_contact['pictureURL']);
$contact_notes = stripslashes($tbl_contact['notes']);
$contact_lastUpdate = stripslashes($tbl_lastUpdate['lastUpdate']);
$contact_hidden = $tbl_contact['hidden'];
$contact_whoAdded = stripslashes($tbl_contact['whoAdded']);

// BIRTHDAY... if field is empty, make it equal to "0000-00-00"
if (!$contact_birthday) {
    $contact_birthday = "0000-00-00";
}

// Check to see if the person who got to this edit record is the person whoAdded it.
// Without this code, someone could click on a record they are allowed to edit, then change the id in the URL to any other.
// `and` binds tighter than `or`, so this reads as
//   (not the owner AND not admin AND not creating a new entry) OR guest:
// a guest session is always rejected, whatever the other three terms say.
// NOTE(review): no exit follows reportScriptError() here, although other call
// sites pair it with exit or die(). If the helper returns, the script carries on
// and renders the edit form below - confirm that it terminates the request.
if ($contact_whoAdded != $_SESSION['username'] and $_SESSION['usertype'] != 'admin' and $mode != 'new' or $_SESSION['usertype'] == 'guest') {
    $_SESSION = array();
    session_destroy();
    reportScriptError("URL tampering detected. You have been logged out.");
}
}

// BEGIN OUTPUT BUFFER
ob_start("callback");
?>
<HTML>
<HEAD>
<TITLE><?php
// NOTE(review): the contact's first and last name are echoed into the page with no
// htmlspecialchars() visible in this excerpt; unless the "callback" output filter
// escapes them, stored markup in a name is rendered as HTML - confirm.
echo $lang['TITLE_TAB'] . " ";
if ($mode == 'new') {
    echo $lang['EDIT_TITLE_ADD'];
} else {
    echo $lang['EDIT_TITLE_EDIT'] . " {$contact_firstname} {$contact_lastname}\n";
}
?>
*************************************************************/
// Excerpt of the group administration script: the header comment above and the
// switch below are both cut off by the listing.

// ** GET CONFIGURATION DATA **
require_once 'constants.inc';
require_once FILE_FUNCTIONS;

// ** OPEN CONNECTION TO THE DATABASE **
$db_link = openDatabase($db_hostname, $db_username, $db_password, $db_name);

// ** CHECK FOR LOGIN **
// Called with "admin"; what checkForLogin() enforces is not shown here.
checkForLogin("admin");

// ** PERFORM USER UPDATE TASKS **
$actionMsg = "";
switch ($_GET['action']) {

    // EDIT A GROUP
    case "edit":

        // CHECK FOR GROUP ID
        if (!$_GET['id']) {
            reportScriptError("<B>No group provided for this action.</B>");
            exit;
        }

        // DETERMINE THE GROUP TO DISPLAY
        // NOTE(review): $group_id is the raw query-string value. The comparisons
        // below are loose and do not force it to be an integer, so a non-numeric
        // string can pass both and reach the unquoted `groupid=` position of the
        // query unchanged - SQL injection, even though the page is admin-gated.
        // Cast it first, e.g. $group_id = intval($_GET['id']);
        $group_id = $_GET['id'];

        // OBTAIN GROUP NAME
        if ($group_id <= 1 || !$group_id) {
            $group_name = "All Entries";
        } elseif ($group_id == 2) {
            $group_name = "Ungrouped Entries";
        } else {
            $r_grouplist = mysql_query("SELECT * FROM " . TABLE_GROUPLIST . " AS grouplist WHERE groupid={$group_id}", $db_link);
            // mysql_query() returns false on failure; that result is passed to
            // mysql_fetch_array() unchecked.
            $tbl_grouplist = mysql_fetch_array($r_grouplist);
            $group_name = $tbl_grouplist["groupname"];
            // Reassign to "All Entries" if given a groupid that doesn't exist
            if ($group_name == "") {
/**
 * Run OPTIMIZE TABLE on one table over the shared connection.
 *
 * Ends the request through die(reportScriptError(...)) when the statement fails.
 *
 * NOTE(review): $table is interpolated into the statement as a bare identifier
 * and into the HTML error text, with no quoting or validation in this function.
 * It is safe only if every caller passes a fixed, known table name - confirm at
 * the call sites, or check the name against an allow-list here.
 *
 * @param string $table name of the table to optimize
 * @return void
 */
function optimizeTable($table)
{
    global $db_link;

    $statement = "OPTIMIZE TABLE {$table}";
    $outcome = mysql_query($statement, $db_link);

    // Any falsy result counts as failure.
    if (!$outcome) {
        die(reportScriptError("<B>There was a problem optimizing table {$table}.</B>"));
    }
}
function set_user() {
    // This function overrides admin-specified options with user options.
    // Call this function if you need to restore the user settings after resetting
    // to global settings.
    // Note: If you do not call this function, you can still obtain the user settings
    // directly using the $this->user_options variable.
    //
    // Only columns that are not NULL in the fetched user row replace the current
    // value; a NULL column leaves the existing setting untouched.
    global $db_link;

    // NOTE(review): part of this statement is masked in the listing ("******"), so
    // the expression that supplies the username is not visible and the line does
    // not parse as shown. Whatever value is concatenated here lands inside a quoted
    // SQL string literal; confirm it is escaped (mysql_real_escape_string()) or
    // bound, not concatenated raw.
    // `=` binds tighter than `or`, so the fetch result is stored first and die()
    // runs only when that result is falsy (no row, or a failed query).
    $this->user_options = mysql_fetch_array(mysql_query("SELECT * FROM " . TABLE_USERS . " WHERE username='******'username'] . "' LIMIT 1", $db_link)) or die(reportScriptError("Unable to retrieve user options."));

    if (!is_null($this->user_options['bdayInterval'])) {
        $this->bdayInterval = $this->user_options['bdayInterval'];
    }
    if (!is_null($this->user_options['bdayDisplay'])) {
        $this->bdayDisplay = $this->user_options['bdayDisplay'];
    }
    if (!is_null($this->user_options['displayAsPopup'])) {
        $this->displayAsPopup = $this->user_options['displayAsPopup'];
    }
    if (!is_null($this->user_options['useMailScript'])) {
        $this->useMailScript = $this->user_options['useMailScript'];
    }
    // Unlike the other settings, language stores the return value of load_lang(),
    // not the raw column.
    // NOTE(review): load_lang() is not shown; if it builds a file path from this
    // per-user value, it must accept only known language codes - confirm.
    if (!is_null($this->user_options['language'])) {
        $this->language = $this->load_lang($this->user_options['language']);
    }
    if (!is_null($this->user_options['defaultLetter'])) {
        $this->defaultLetter = $this->user_options['defaultLetter'];
    }
    if (!is_null($this->user_options['limitEntries'])) {
        $this->limitEntries = $this->user_options['limitEntries'];
    }
}
* Upload pictures for entries.
*
*************************************************************/
// Excerpt of the picture upload script: the header comment above and the
// configuration comments at the end are cut off by the listing.

// ** GET CONFIGURATION DATA **
require_once 'constants.inc';
require_once FILE_FUNCTIONS;
require_once FILE_CLASS_OPTIONS;

// ** OPEN CONNECTION TO THE DATABASE **
$db_link = openDatabase($db_hostname, $db_username, $db_password, $db_name);

// ** CHECK FOR LOGIN **
// Called with "admin" and "user"; what checkForLogin() enforces is not shown here.
checkForLogin("admin", "user");

// ** RETRIEVE OPTIONS THAT PERTAIN TO THIS PAGE **
$options = new Options();

// ** DENY ACCESS IF UPLOAD IS NOT ALLOWED
// Access is refused only when uploads are switched off AND the session is not an
// admin one, so admins can still upload while the option is disabled.
if ($options->picAllowUpload != 1 && $_SESSION['usertype'] != "admin") {
    reportScriptError("File uploading has been turned off in this installation.");
    exit;
}

// ** BEGIN
require FILE_LIB_UPLOAD;

#--------------------------------#
# Variables
#--------------------------------#

// The name of the file field in your form.
$upload_file_name = "userfile";
// NOTE(review): relative path, presumably under the web root. If so, uploaded
// files are reachable by URL: the handler must restrict file types to images, pick
// the stored filename server-side, and the directory must not execute scripts.
// The accept-mode settings that would show the type filter are cut off below.
$path = "mugshots/";

// ACCEPT mode - if you only want to accept
// a certain type of file.
// possible file types that PHP recognizes includes:
//
// OPTIONS INCLUDE: